Back to search
CVE-2012-4034
Published: Aug 12, 2012
Modified: Aug 6, 2024
PUBLISHED
Description
Multiple SQL injection vulnerabilities in PBBoard 2.1.4 allow remote attackers to execute arbitrary SQL commands via the (1) username parameter to the send page, (2) email parameter to the forget page, (3) password parameter to the forum_archive page, (4) section parameter to the management page, (5) section_id parameter to the managementreply page, (6) member_id parameter to the new_password page, or (7) subjectid parameter to the tags page to index.php.
| Vendor | Product | Versions |
|---|---|---|
n/a | n/a | affected n/a |
References
https://www.htbridge.com/advisory/HTB23101
x_refsource_MISC
http://www.pbboard.com/forums/t10353.html
x_refsource_MISC
54916
vdb-entry
x_refsource_BID
http://www.pbboard.com/forums/t10352.html
x_refsource_MISC
84480
vdb-entry
x_refsource_OSVDB
50153
third-party-advisory
x_refsource_SECUNIA
pbboard-indexscript-sql-injection(77501)
vdb-entry
x_refsource_XF
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now